Incident Response Analyst

Incident Response Analyst (Task 4 – Federal Cybersecurity Contract)

Location: Remote with occasional on-site (Washington, D.C. Metro Area)

Employment Type: Full-Time

Clearance: Public Trust (or eligibility to obtain)

We are seeking an experienced Incident Response Analyst to support Task 4 – Incident Response Management on a federal cybersecurity services contract. This role provides front-line security event triage, investigation, reporting, and coordination across multiple federal cybersecurity teams.

The ideal candidate has hands-on experience with enterprise IR tooling:
Crowd Strike
, Fire Eye (Trellix),
Splunk
, Net Witness
, and Magnet AXIOM – and is comfortable working in a high-tempo operational environment aligned with federal cybersecurity frameworks (NIST, FISMA, OMB).

• Perform initial triage of security events from SIEM, EDR, NDR, and log sources, including Crowd Strike
  , Fire Eye/Trellix
  , Splunk
  , Net Witness
  , and related platforms.
• Conduct incident investigations
  , including host and network forensics, log analysis, and evidence review using tools such as Net Witness and AXIOM
  .
• Coordinate closely with HHS CSIRC, OpDiv incident response teams, system owners, and security engineering staff to validate findings and recommend containment actions.
• Provide daily updates
  , SITREPs, and written documentation of incident status, investigative steps, and remediation recommendations.
• Develop incident dashboards and knowledge base documentation within Splunk and other IR platforms.
• Support containment, eradication, and recovery efforts aligned to federal IR procedures.
• Participate in tabletop exercises
  , readiness assessments, and operational continuity testing.
• Monitor and manage the Incident Response Team (IRT) mailbox; elevate urgent items within required SLAs.
• Assist with audit support, evidence gathering, and post-incident reviews.
• Contribute to continuous improvement of incident response processes and playbooks.

• 2–5+ years of experience in cybersecurity operations, SOC analysis, or incident response.
• Direct hands‑on experience with IR tools, including:
• Crowd Strike Falcon (EDR)
• Fire Eye/Trellix (HX, Helix, or equivalent)
• Splunk (SIEM, dashboards, search queries)
• Net Witness (network forensics, packet analysis)
• Magnet AXIOM (host forensics)
• Strong understanding of adversary techniques, malware behavior, incident timelines, and forensic artifacts.
• Familiarity with NIST 800-61
  , NIST 800-53
  , FISMA, OMB guidance.
• Ability to clearly document investigations and communicate findings to technical and non‑technical audiences.
• Eligibility to obtain and maintain a Public Trust clearance
  .

• Experience supporting federal agencies (HHS, DHS, DoD, DOJ, etc.).
• Certifications such as Security+,
  CySA+,
  CEH
  , GCIH
  , GCIA
  , CHFI
  , or related.
• Experience performing threat hunting across EDR, SIEM, and NDR tools.
• Familiarity with packet analysis tools (Wireshark) and scripting languages (Python, Power Shell).
• Experience with Service Now or similar ticketing platforms.

• Core hours: 7:00 AM – 5:00 PM EST
  , Monday through Friday, with the flexibility to support after-hours incidents as needed.
• Participation in on‑call rotations may be required.
• Remote work permitted with reliable connectivity and camera‑enabled participation.